CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide
Tech Industry

Explorer family to grow again

Microsoft posts browser security upgrade IE 3.02; tonight it promises to release central management tool IEAK.

Microsoft's (MSFT) Internet Explorer family got a little bit bigger today.

First, the company posted an upgrade to Explorer 3.0 for Windows 95 and NT that fixes recently publicized security holes in the browser. It will release the first Internet Explorer Administration Kit (IEAK) for Macintosh later tonight, a tool for managing Explorer from a central location.

At the same time, Microsoft will also post a new version of IEAK for Windows 95 and a preliminary beta of Explorer 3.01 for the Mac, the first version of its Mac browser to support JavaScript and 680x0 Mac computers.

Early last week, the company released Internet Explorer 3.02 to a limited number of beta testers. The browser contains fixes for the three security holes discovered earlier this month by university students, as well as a new feature that warns users before they download a self-extracting executable file. Microsoft also posted early last week a separate patch that fixes the existing 3.0 and 3.01 versions.

In addition to the security fixes, Explorer 3.02 contains a feature called auto-proxy. The feature makes it easier for companies to designate new proxy servers for Explorer users rather than having to manually set up a server name on each browser.

IEAK 3.2 for Windows 95 and NT takes advantage of this new auto-proxy capability in Explorer 3.02.

It's an unusual move for Microsoft to release a minor "point release" of Explorer 3.0 when it's so close to the scheduled start of beta testing for Explorer 4.0, a major new version of the browser that features greater integration with Windows and "push" capabilities. A "platform preview" of Explorer 4.0 is supposed to begin testing by the end of this month.

But in the meantime, Microsoft wanted to make it easier for new Explorer users to download the browser without having to install a security patch separately.

Fester would not predict whether this would be the last version of the 3.x series of browsers.

"We will do the best we can given the snapshot of current issues," said Fester. "Is it the last release [of Explorer 3.x]? That all depends on what the industry and the Internet have to say."

The Explorer security holes all made it possible for skilled hackers to manipulate and delete files from a user's computer without permission. Microsoft says that no real-life users were affected by the glitches.

Today, Brad Silverberg, a senior vice-president of applications and Internet client Group at Microsoft, issued an apology to Internet Explorer users for the security glitches in the browser.

"Let me begin by apologizing both for having these data security issues in the first place and for the inconvenience of your having to download the software that fixes them," Silverberg says in an open letter to Explorer users.

Since the first security bug was discovered by students from the Worcester Polytechnic Institute in early March, programmers have been busily trying to uncover more security holes in the browser. Recently, a number of Web sites have posted information on security issues, some of which affect Netscape Communications' Navigator as well as Explorer.

On one site, programmers claimed to have discovered a method for intercepting a Windows 95 login password from an Explorer user who logs onto a malicious Web site that then redirects them to Windows NT Server Message Block server.

Today, Microsoft representatives said that there is a remote possibility that a password could be intercepted over the Net using an SMB (server message block protocol) server. But, said Mike Nash, director of marketing for Windows NT Server, users behind corporate firewalls or proxy servers would not be at risk. Most consumers are not at risk because their Internet service providers use proxy servers, Nash said.

For an alternative IE 3.02 download site, go to CNET's DOWNLOAD.COM.